On Wed, 2003-10-01 at 08:30, Michael Stauber wrote: > Lets look at another crucial service: OpenSSH. Both PKGmaster.com and > Solarspeed.net have OpenSSH PKGs which are statically compiled against a now > vulnerable OpenSSL.
*If* I understand the previous explanations right, it is "ssl" part of OpenSSL that is vulnerable (to the injection of a special client certificate). As far as I understand, openssh only uses "crypto" part of the OpenSSL package, which probably makes it unaffected by the bugs in the "ssl" part. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
